Hi Tony, I tried this code as well and I think that you have to substitute /var/log/shorewall.log for /var/log/messages in the code that Eric provided. It didn't work for me until I made this change. Perhaps an older version of Bering or Dach used the messages file to log packets, hence the confusion. Please correct me if I'm wrong, Eric.
Thanks, Ken > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tony > Sent: Saturday, May 31, 2003 3:33 PM > To: eric wolzak; Leaf-User > Cc: [EMAIL PROTECTED] > Subject: RE: [leaf-user] weblet extension version 2 > > > HI Eric and Jeff, > > Thanks Eric for the code, this is half of what I was looking > for, Jeff gave the other half. If you use the proverb: > > Give a man a fish, he eats today > Teach a man to fish, he eats forever > > you both gave me one of those lines and I appreciate it. > > But, I do have some questions about the code, I can get the > portsort section to work (from a previous e-mail, but the > ipsort section is giving me the headers, but no data under it. > > I have some observations, but should I move this discussion > to the devel list? I don't want to clog up this list with > any more messages than necessary. > > Please advise, and I can pick up with my observations. > > Thanks, > > Tony > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of > eric wolzak > > Sent: Saturday, May 31, 2003 12:26 PM > > To: Tony; Leaf-User > > Subject: Re: [leaf-user] weblet extension version 2 > > > > > > Hello Tony > > > > > > Another variant is to change in the file viewhits the > option ipsort to > > ------------------------- > > ipsort) > > HEAD='<tr><td width="50"> Hits > > </td><td>IP-Adress</td><td> </td></tr>' > > > > AUS="`grep "DPT=$content " /var/log/messages |\ > > sed 's/.*SRC=\(.* \)DST.*$/<a > > href=viewhits?x_\1>\1<\/a><\/td><td><\/td><\/tr>/'| > > sort -n | uniq -c |sort -rn|\ > > sed 's/^/<tr><td>/ > > s/<a/<\/td><td><a/`" > > ;; > > --------------------------- > > this is a little bit slower but let you click on each ip > address that > > tried to connect to the certain port and shows the > messages that it > > caused, including those to another port > > > > Regards > > Eric Wolzak > > member of the bering crew > > > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: eBay > Get office equipment for less on eBay! > http://adfarm.mediaplex.com/ad/ck/711-11697-> 6916-5 > > > -------------------------------------------------------------- > ---------- > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/l> eaf-user > SR > FAQ: > http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
